10
CVE-2022-1668
- EPSS 0.52%
- Veröffentlicht 24.06.2022 15:15:09
- Zuletzt bearbeitet 21.11.2024 06:41:13
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginWeak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Secheron ≫ Sepcos Control And Protection Relay Firmware Version >= 1.23.0 < 1.23.21
Secheron ≫ Sepcos Control And Protection Relay Firmware Version >= 1.24.0 < 1.24.8
Secheron ≫ Sepcos Control And Protection Relay Firmware Version >= 1.25.0 < 1.25.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.52% | 0.661 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| ics-cert@hq.dhs.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-521 Weak Password Requirements
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.